Skip to main content

πŸ’Ό 1.14 Ensure API keys are restricted to only APIs that application needs access - Level 1 (Manual)

  • Contextual name: πŸ’Ό 1.14 Ensure API keys are restricted to only APIs that application needs access - Level 1 (Manual)
  • ID: /frameworks/cis-gcp-v1.2.0/01/14
  • Located in: πŸ’Ό 1 Identity and Access Management

Description​

API keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to restrict API keys to use (call) only APIs required by an application.

Similar​

  • Sections
    • /frameworks/cis-gcp-v1.3.0/01/14
  • Internal
    • ID: dec-c-0d599691

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS GCP v1.3.0 β†’ πŸ’Ό 1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access - Level 1 (Manual)1

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS GCP v1.3.0 β†’ πŸ’Ό 1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access - Level 1 (Manual)1

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (1)​

PolicyLogic CountFlags
πŸ“ Google API Key is not restricted for unused APIs 🟒1🟒 x6